Menu

#30 mysql unsecure user required

open
Remote API (2)
1
2012-09-12
2012-05-03
Anonymous
No

This is an issue reported in the bug 3522785, but I couldn't reopen that bug

Details:

I did submit a workflow, I got an access denied in the database (solved now) and the portal is reporting it as "running", while there is no way to it to be running

STORAGEURL(http://161.74.27.111:8080/storage):http://161.74.27.111:8080/storage
WFIURL(http://161.74.27.111:8080/wfi):http://161.74.27.111:8080/wfi
14:49:42,244 WARN [ThemeLocalServiceImpl:121] No theme found for specified theme id krisztiansztaki_WAR_krisztiansztakitheme. Returning the default theme.
14:49:42,246 WARN [ThemeLocalServiceImpl:121] No theme found for specified theme id krisztiansztaki_WAR_krisztiansztakitheme. Returning the default theme.
java.sql.SQLException: The user specified as a definer ('guse'@'%') does not exist
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3491)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3423)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1936)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2060)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2542)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1734)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2019)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1937)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1922)
at hu.sztaki.lpds.wfs.service.angie.StatusHandlerService.saveStat(StatusHandlerService.java:151)
at hu.sztaki.lpds.wfs.service.angie.StatusHandlerService.run(StatusHandlerService.java:171)
java.sql.SQLException: The user specified as a definer ('guse'@'%') does not exist
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3491)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3423)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1936)
at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2060)
at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2542)
at com.mysql.jdbc.PreparedStatement.executeInternal(PreparedStatement.java:1734)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2019)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1937)
at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1922)
at hu.sztaki.lpds.wfs.service.angie.StatusHandlerService.saveStat(StatusHandlerService.java:151)
at hu.sztaki.lpds.wfs.service.angie.StatusHandlerService.run(StatusHandlerService.java:171)
Submitted:

D Ferrer ( D Ferrer ) - 2012-05-01 07:29:21 PDT
Priority:

5
Status:

Closed
Resolution:

Invalid
Assigned:

Karóczkai Krisztián
Category:

gUSE/Settings
Group:

None
Visibility:

Public

Comment ( 1 )

Date: 2012-05-02 03:18:12 PDT
Sender: jkqxl2

Create your user ('guse'@'%') in your mysql server, or use valid user!

This is not a solution for a production portal, it's unsecure. Anyway it should be documented in the manual and is not.

Discussion

  • Akos Hajnal

    Akos Hajnal - 2012-05-21

    It seems that gUSE is not initialized properly (or not initialized after restart). Navigate to http://161.74.27.111:8080/information/ and set fields "Database URL" and "Database User's password" to a valid username and password, who has access right to the guse database.

     
  • Tobias Schlemmer

    It seems to me a duplicate of #3489878. I do not know any other place where the host name is hard coded in the SQL statements. The discussion there might be helpful.
    Dropping all stored procedures and recreating them with the scripts from a current guse version might help.

    @Krisztián:
    It's very hard to find the wiki. Both http://www.guse.hu/ and http://www.guse.hu/?m=documents&s=0 do not link to that page. So please, do not blame anyone for not reading it.
    BTW: guse@'your_table' will fail unless your gUSE MySQL user name is actually “guse” and the host name of the web server fits the string “your_table” by accident.

     
  • Karóczkai Krisztián

    Sorry guse@'your_table' in fact: guse@'your_client_host'

     
  • Akos Hajnal

    Akos Hajnal - 2012-05-22

    Dear Dario,
    It seems that Tobias answered your question (thank you for the support activity :)): in the newer versions of gUSE this stored procedure bug has been fixed.
    If you confirm the fix, we can close this report and continue in #3489878.

     

Log in to post a comment.

MongoDB Logo MongoDB